Understanding cybersecurity

for IoT-enabled electrical

distribution systems

by Adam Gauci

Executive summary
The Internet of Things is helping organizations
to improve productivity and profitability by un-
locking the power of data from the edges of their
electrical distribution systems. IoT-enabled
devices and innovative applications are boosting
energy efficiency, electrical safety, equipment
and process reliability, and power availability.
However, with increased connectivity and
increased IT/OT convergence comes increased
cybersecurity risks. The IEC 62443 standard
offers a consistent, simplified way to define the
level of cybersecurity management needed to
ensure a robust electrical infrastructure.
 Schneider Electric Rev 0 2

Introduction Gartner forecasts that 14.2 billion connected things will be in use in 2019, and that
the total will reach 25 billion by 2021, producing immense volume of data. 1 IoT has
become a necessity for maintaining a competitive edge, with an estimated 94% of
businesses seeing a return on their IoT investment. 2

In addition to building and process automation, the IoT has migrated to the electrical
infrastructures of buildings. Smart meters, sensors, circuit breakers and other types
of protection and control devices continue to grow in intelligence and connectivity.
The data they deliver feeds increasingly powerful analytic applications.

Figure 1
The Internet of Things
continues to connect
more devices, systems,
processes, and buildings,
while increasing the risk
of cyberattacks.

Whether accessed in the cloud or onsite at the ‘edge’ of power distribution, facility
and financial teams are using these IoT-enabled applications to reach deeper into
their electrical distribution systems, gaining extensive insights into operational per-
formance, as well as security and reliability of energy supply. This is helping improve
safety, productivity, and profitability by:

“With cyberattacks on the • Improving safety – 22% of fires have electrical origins. 3 Wireless sensors pro-
rise, successful breaches vide continuous thermal monitoring on busbars and other connection points,
per company each year with edge control software providing early detection and pre-alarming on con-
has risen more than 27 ditions that could cause fires. Such systems also avoid the cost of installing
percent, from an average of switchgear IR windows and performing periodic, manual IR scans.
102 to 130.” • Improving power and energy performance – Extensive data acquisition and
Ponemon Institute / analytic capabilities at the device, desktop, and cloud layers enable facility
Accenture teams and service providers to reveal energy inefficiencies to help cut energy
spend, while providing early warning of power anomalies that can put equip-
ment and uptime at risk. If an outage does occur, immediate access to cap-
tured data helps operations and maintenance teams identify the source and re-
store power quickly and safely.
• Improving asset performance – A network of IoT-enabled devices helps gain
real-time visibility on the health of critical power assets like circuit breakers,
gensets, and transformers. This enables a transition from reactive to

1
Gartner Press Release, Gartner Identifies Top 10 Strategic IoT Technologies and Trends,
November 2018
2
“Next big things in IoT predictions for 2020”, IT Pro, 2018
3
“Fire in the Workplace”, Electrical Contractor

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 3

predictive, condition-based maintenance strategies. Cloud-hosted apps pro-

Case studies vide advanced analytics and enable expert services that help facility teams
identify risks, extend equipment life, and save money.
In the weeks following a crip-
pling ransomware attack in • Maintaining compliance and achieving sustainability – IoT technology is
early 2019, Norwegian alumi- making it more affordable to meter, analyze, and report on energy perfor-
num producer Norsk Hydro mance. This is simplifying compliance with emissions regulations, while help-
estimates their losses already ing facility teams achieve superior energy performance by following best prac-
totaled $40 million, most in tices such as the ISO 50001 standard. Digital systems are increasingly being
lost revenue. The business recommended or required in electrical design standards like IEC 60364-8-1, 4
worst hit was still only operat- and contribute to credits toward green building rating systems, such as LEED,
ing at 70-80%, while another
BREEAM, and Green Mark. 5
remained at a near standstill.

In 2017, Spanish food distrib- Although the benefit of increasing intelligence in electrical power distribution equip-
utor Mondelez and Danish ment is clear, this key operational technology (OT) is becoming more exposed to the
shipping company Maersk suf-
risk of cyberattacks. Like information technology (IT) systems, there is an urgent
fered damages of $100 million
and $300 million, respectively, need for organizations to invest in implementing cybersecurity best practices for
from ransomware attacks. their connected, intelligent electrical systems.

ZD Net It may seem a daunting task to develop a comprehensive cybersecurity manage-

ment strategy for a facility’s electrical infrastructure. Fortunately, the IEC 62443
standard can act as an OT cybersecurity framework, helping simplify the definition of
requirements. This paper offers a brief introduction to the drivers for electrical sys-
tem cybersecurity and the guidance offered by the IEC 62443 standard.

Consequences A cyberattack on any IT or OT system can be devastating to a business. An attack

on corporate servers and databases risk the loss of intellectual property, customer
of an electrical data and, in turn, customer trust. An attack on operational systems can cause
system cyber- lengthy and costly downtime (see sidebar), as well as posing a severe risk to safety.

attack Specifically, for electrical systems, a cyberattack can have major consequences:

• If the attack results in a data breach, the attacker may obtain access to load
profiles, which could be considered competitive data (e.g., server usage)
• If the attack causes equipment malfunctions, it can be a safety risk to employ-
ees or the public. For example, a stopped process at a petrochemical plant can
cause a dangerous explosion.
• If the attack causes a power outage, it can cause massive losses, such as
hardening of liquified metal at a steel mill. A loss of power at a hospital can put
lives at risk if backup power systems fail.

“67 percent of respondents Table 1 lists some typical disruption costs for various types of industries.
say their companies have
had at least one security
compromise that led to the
loss of confidential
information or disruption to
operations over the last 12
months…”
Ponemon Institute /
Unisys

4
“IEC 60364-8-1:2019 Low-voltage electrical installations ... Energy efficiency”, IEC
5
“Green Building Standards and Certification Systems”, WBDG

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 4

Industry Cost of disruption*

Table 1
Semiconductor € 3,800,000 per event
Typical costs of downtime Financial trading € 6,000,000 per hour
for major industries
Data center € 750,000 per event
* Source: Copper Develop- Telecommunications € 30,000 per minute
ment Association, Allianz
Global Corporate & Specialty, Steel works € 350,000 per event
Schneider Electric customer
testimony Glass industry € 250,000 per event
Hospital (200 room) € 1,000,000 per 8 hour event
O&G off-shore platform € 30,000,000 per day

The attack The growth in IoT connected devices is making them an attractive target for criminal
cyberattacks. The Internet Society’s Online Trust Alliance notes that “IoT devices
surface is are a clear attack vector” for many types of cyberattacks. 6 In fact, Kaspersky Labs
growing reported that “during the first half of 2018, IoT devices were attacked with more than
120,000 modifications of malware, which is more than triple the amount of IoT mal-
ware seen throughout 2017 [and] is a continuation of a dangerous trend.” 7

Due to the trends in IoT growth and IT/OT convergence, the attack surface of net-
works is increasing and, as a result, so is their vulnerability to cyberattacks. As re-
ported by security research and education organization SANS Institute, “The sys-
tems to which IIoT [industrial IoT] devices connect to double in size roughly every
three to seven years, resulting in increased network complexity as IT and OT be-
come more connected [creating] unique risks associated with rapid growth in the ex-
panding volume of endpoints, broader connectivity, and ultimately higher degrees of
remote accessibility.” 8

The primary risk exposed by IT and OT convergence is that a single insecurity in

one network can lead to the breach of another connected network. There have been
many examples of cyberattacks coming though unexpected vulnerabilities.

“Every new connection Case studies

expands an attack surface
to the IIoT solution and In 2017, Verizon reported on an unnamed university whose students were
other systems with which it complaining about “slow or inaccessible network connectivity.” The IT secu-
interacts.” rity team discovered that hackers had used an IoT botnet to hijack vending
machines and 5,000 other IoT devices. “While these IoT systems were sup-
SANS Institute
posed to be isolated from the rest of the network, it was clear that they were
all configured to use DNS servers in a different subnet.” 9

The infamous 2013 hack on international retailer Target resulted in the com-
promise of 40 million credit and debit card accounts, costing the company an
estimated $290 million. The breach came through the HVAC system – using
the stolen credentials of a contractor – enabling the hackers to access and
install malware into the Target point-of-sale systems. 10

6
“2018 Cyber Incident & Breach Trends Report”, Internet Society, 2018
7
“Kaspersky Lab Report: IoT Malware …”, Kaspersky, 2018
8
“The 2018 SANS Industrial IoT Security Survey: Shaping IIoT Security Concerns”, SANS Institute
9
“Data Breach Digest”, Verizon, 2017
10
“How Hackers Exploit Cybersecurity Vulnerabilities”, FacilitiesNet

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 5

From these examples, it is not difficult to imagine that a cyberattack that poses a
risk to data on an IT network can, in turn, lead to an attack on a connected electrical
system network that puts power availability at risk, or vice versa.

Raised awareness of these threats has put cyber incidents as the top interruption
trigger feared by businesses. 11 Clearly, every organization needs to make cyberse-
curity a top priority going forward, and that includes securing all IT and OT systems,
including the smart, connected electrical infrastructure.

Reconciling When it comes to cybersecurity, the priorities of IT and OT teams often overlap but
do not perfectly align on all drivers. For example, one industrial IoT survey revealed
IT and OT that “the IT team is most concerned with the protection of data, guarding against fi-
priorities nancial loss and compliance with industry regulations, while the OT team empha-
sizes increases in reliability, availability, efficiency and production, safety inside the
organization, and protection of equipment and systems.” 12 Most of the highest
ranked drivers for OT teams noted above can be directly correlated with the safe, re-
liable and continuous operation of the electrical infrastructure.

With the increasing number of IoT connected devices, and the convergence of IT
and OT systems, it has become necessary that IT and OT teams work closely to-
gether on cybersecurity management to ensure all attack surfaces are protected and
that both teams can deliver a fast, coordinated response to any cybersecurity vul-
nerability or attack.

However, working together can be a challenge for both parties due to their different
responsibilities and experience. As IT departments have cybersecurity expertise,
they may be asked to lead cybersecurity efforts for a facility’s OT systems. Yet, the
IT team does not typically have any experience in OT systems like electrical distribu-
Figure 2 tion. If applied to OT, many IT policies and processes can create disruptions in the
OT system. This may raise concerns that any error on their part may risk causing a
Difference in power outage. Similarly, facility operations teams with electrical distribution exper-
responsibilities and tise will often have little or no experience with cybersecurity. They may even per-
expertise between IT ceive its implementation as having negative impacts on their efficiency.
and OT teams

The IEC 62443 standard gives IT and OT teams a common ground to work from.
The standard helps an OT team specify the security level needed for the OT sys-
tems (including electrical distribution), while the IT team uses the standard to

11
“Allianz Risk Barometer – Top Business Risks for 2019”, Allianz
12
“The 2018 SANS Industrial IoT Security Survey: Shaping IIoT Security Concerns”, SANS Institute

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 6

understand the security needs of the OT systems. The standard acts as a shared
point of understanding – a ‘bridge’ for cooperation between the two teams.

Finally, a comprehensive cybersecurity framework for an electrical distribution sys-

tem can be challenging for an organization to develop. Designing an electrical sys-
tem that complies with the IEC 62443 standard makes it simpler to ensure the ap-
propriate level of cybersecurity while providing consistency of specification.

Assessing Jointly developed by committees of the International Standards Association (ISA)

and the International Electrotechnical Commission (IEC), the IEC 62443 is a series
risks of standards designed to “address the need to design cybersecurity robustness and
resilience into industrial automation control systems (IACS) … applied in the broad-
est possible sense, encompassing all types of plants, facilities, and systems …
hardware and software systems such as DCS, PLC, SCADA, networked electronic
sensing, and monitoring and diagnostic systems.” 13 As IoT-enabled monitoring and
control of electrical distribution systems can be considered within this broad cate-
gory, the standard is relevant.

Figure 3
The IEC 62443 standard has been approved by many countries and is being
The IEC 62443
cybersecurity standard adopted by many organizations, including Schneider Electric. The standard helps
applies to all kinds of OT guide an organization through assessing risk and “identifying and applying security
systems, including countermeasures to reduce that risk to tolerable levels.” It recognizes that every
electrical distribution IACS presents a different risk to an organization. A risk assessment looks at all rele-
networks. vant incident scenarios, and assigns value levels based on:

• threats the system may be exposed to

• likelihood of those threats
• vulnerabilities inherent in the system
• assets affected, i.e., develop an inventory of all valuable assets that need pro-
tection, including physical (e.g., monitoring and control systems, network com-
ponents, anything involved in management of processes and business), logical
(e.g., intellectual property, proprietary practices, etc.), and human (e.g., an er-
roneous plant alarm causing personnel to initiate shutdown, any type of attack
that can result in injury to a person)
• consequences of assets and business processes being compromised

After the risk analysis is the determination of risk tolerance level. Depending on how
risk adverse a particular organization is, the management team must “explicitly

13
“The 62443 series of standards - Industrial Automation and Control Systems Security”, ISA

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 7

define and understand what its risk appetite or tolerance is, so it can better analyze
its level of response to residual risks identified.”

Seven pillars of The priorities of IT groups are typically focused on maintaining system security,
through: confidentiality, integrity, and availability. OT groups are focused primarily
cybersecurity on keeping operations running, through: safety, reliability and confidentiality. The
IEC 62443 standard helps protect IoT-enabled OT systems by expanding this to
seven foundational requirements:

1. Access Control: Protect the component by verifying the identity of any user
requesting access to a component before activating the communication with
that component. When used in conjunction with security event logging this
will include ensuring ‘non-repudiation,’ i.e., a person cannot deny that they
performed a particular action.
2. Use Control: Protect against unauthorized actions on component resources
by verifying that the necessary privileges have been granted before allowing a
user to perform the actions. This must address what a hacker can potentially
do if they access the system and counteract that by giving the least level of
access necessary.
3. Data Integrity: Ensure that the components will perform as intended during
operational and non-operational states, such as energy production and stor-
age, or a maintenance shutdown. Consider the example of a power utility cus-
tomer being billed for energy. Bills must be based on reliable, trustworthy
data. The utility and customer cannot afford a data breach. Or consider a cir-
cuit breaker that is going to fail. If the SCADA system is hacked and is forced
to indicate everything is okay, that could cause an unexpected and dangerous
failure.
4. Data Confidentiality: Protection of component-generated confidential or
sensitive nature information, whether at rest or in transit. Consider if the infor-
mation regarding data center server loading was accessed by a hacker. That
proprietary business data can define how successful the data center is, which
can be highly valuable to a competitor.
5. Restrict Data Flow: Ensure the connection of the device to a segmented
network where disconnection strategy, unidirectional gateway, firewall, and
demilitarize zones are defined to avoid unnecessary data flow. Network seg-
mentation is a strategy that can stop a cyberattack from going from one con-
nected system to another (e.g., from the electrical network to the business
network).
6. Timely Response to Event: Respond to security violations by notifying the
proper authority, reporting needed evidence of the violation, and taking timely
corrective action when incidents are discovered in mission-critical or safety-
critical situations.
7. Resource Availability: Ensure the availability of the application or device
against the degradation or denial of essential services.

Of the overlapping requirements between IT and OT security (highlighted in green in

the above list), OT teams place a different order of priority. In the case of electrical
distribution systems, the top priority will be to maintain safety and power availability
(see Figure 4).

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 8

Figure 4
Difference in security
priorities between IT and
OT teams

Determining For each of these seven requirements, the organization must define the required se-
curity level. At increased security levels there is greater protection against more so-
appropriate phisticated attacks (see Figure 5).
security levels Security levels define the cybersecure functions embedded at the device level and
throughout an OT (e.g., electrical distribution) system. Increasing the device and
system robustness makes it more resistant to cyber threats.

Figure 5
The four levels of
cybersecurity defined by
the IEC 62443 standard.

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 9

For each security level, the IEC 62443 standard specifications define a broad list of
requirements necessary to obtain compliance for end-devices and systems. For ex-
ample, under IEC 62443-3-3 for systems, the SL1 level includes 37 individual re-
quirements, while SL2 includes all the requirements of SL1 plus 23 additional re-
quirements. Typically, a single security level (e.g., SL1 or SL2) would be applied
consistently across all seven foundational requirements. The end-user organization
needs to choose the security level for their system based on the risk tolerance the
organization is willing to accept.

For electrical system designers and their clients, specifying cybersecurity features
can be a complex and cumbersome process. The IEC 62443 simplifies the process
by allowing end users to specify a target security level of cybersecurity compliance
for a facility’s electrical distribution system and components.

Case study

In 2015, a Ukrainian regional electricity distribution company experienced a

cyberattack that enabled a foreign entity to remotely control the SCADA dis-
tribution management system of three different energy companies. The at-
tack caused seven major substations – and, ultimately, additional portions of
the distribution grid – to be disconnected for three hours, forcing operators to
switch to manual mode. In total, this caused power outages affecting approxi-
mately 225,000 customers. 14 Analysis of the attack revealed that the attack-
ers had access to the system for many months beforehand. Having an appro-
priate level of cybersecurity measures in place could have alerted the opera-
tors to this intrusion, potentially allowing them to avoid the situation.

Next steps Guided by the IEC 62443 standard, there are a number of important steps that sys-
tem designers and facility owners and managers should follow to ensure that their
connected electrical distribution systems – including network, control, and safety
system solutions – are as secure as possible.

1. Consultation: Find an electrical power distribution specialist with a deep un-

derstanding of cybersecurity requirements to help you with a risk assessment
and to define the levels of security you require, compliant with IEC 62443.
2. Solution provider: Choose an electrical system technology provider that has
adopted the IEC 62443 standard and has a secure development lifecycle pro-
cess in place that:
• Assures resilient design practices
• Provides for a formal customer response in the event of discovered
vulnerabilities
• Fully tests and validates the security of all components and systems
• Demonstrates third-party cybersecurity certification
• Can deliver customized and flexible solutions that align with your
business requirements
3. Service providers: Choose partners with the required capabilities:
• System integrator with deep IT and OT experience including cyber-
security within the context of critical operational systems

14
“Analysis of the Cyber Attack on the Ukrainian Power Grid”, SANS ICS / E-ISAC, 2016

Understanding cybersecurity for IoT-enabled electrical distribution systems

 Schneider Electric Rev 0 10

• Cybersecurity services that can deliver quick response to help cus-

tomers assess and recover from a cyberattack

Conclusion With the increasing use of IoT-enabled devices and connectivity throughout electri-
cal distribution systems, as well as the trend toward convergence of IT and OT sys-
tems, it is critical that electrical system designers and end users address the need
for cybersecurity. This includes the proper assessment of potential threats and vul-
nerabilities, as well as the specification of appropriate levels of security from the de-
vice to the system level.

The IEC 62443 standard is simplifying this process, by setting out clear guidance
within seven foundational requirements and four standardized security levels for OT
networks. Electrical designers, solution providers, and service providers are adopt-
ing the standard to help their clients design and support electrical infrastructures
that achieve the required levels of cybersecurity.

About the author

Adam Gauci
was born in Toronto, Ontario, Canada and received a Bachelor of Science in Computer Engineering
from Queen’s University at Kingston, Ontario. His previous work experience includes Hydro One
Networks as a Protection and Control Engineer and Cooper Power Systems as a Field Application
Engineer. Currently he is working with Schneider Electric as the Cybersecurity Marketing Leader for
EcoStruxure Power, based in Montpellier, France. Mr. Gauci is a registered Professional Engineer in
the province of Ontario.

IEC TS 62443-1-1:2009 - Industrial communication networks - Network and system se-

curity - Part 1-1: Terminology, concepts and models (with links to all other associated
IEC 62443 standards)

Resources White paper “Cybersecurity. Power industry locks down”, Schneider Electric

Part Number 998-20677347 © 2019 Schneider Electric. All rights re-

White paper “Practical Overview of Implementing IEC 62443 Security Levels in Indus-
trial Control Applications”, Schneider Electric

White paper “Cybersecurity at Schneider Electric: Addressing IT/OT convergence in

a versatile Cyber ecosystem”

White paper "Securing Power Monitoring and Control Systems", Schneider Electric

Blog post “Seven Pillars of Cyber Defense”, Schneider Electric

Power Cybersecurity Solutions, Schneider Electric

Understanding cybersecurity for IoT-enabled electrical distribution systems